Organizations that rely extensively on computer systems in carrying out their business need to have control over their internal information. In addition to malware threats, these organizations may need to protect their information from accidental and intentional employee mishandling. A leak of intellectual property, financial data, or employee email can potentially harm a company. This has led companies to use information rights management systems.
Many current information rights management (IRM) systems may protect data by embedding themselves within the applications used to create, edit, or view information. IRM-system providers, consequentially, may tailor their software to support each individual application and each operating system used by their clients. Although IRM systems often store confidential data in an encrypted state, the data may sit decrypted in memory while in use. Attacks targeted at host operating systems or specific applications may compromise the IRM system and result in a loss or theft of the confidential data in memory.
Virtualization and trusted hardware technologies have emerged as possibilities for overcoming these problems. Computer scientists have proposed systems for rudimentary digital rights management that utilize these technologies. However, these systems may fail to provide an adequate framework for creating a widely adaptable, policy-based information rights management system that meets customers' broad-ranging needs.